Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/61f398-94f6-4468-85f3-63fcaac31ca3/1/VZSRxm3ml_A23ijnM9Va4TMWjh0.roa
File:                     VZSRxm3ml_A23ijnM9Va4TMWjh0.roa (raw, json)
Hash identifier:          7MtkVkF9bomUQvYg1g+MpjW91REswNLWEdz5uVQ3rrI=
Subject key identifier:   55:94:91:C6:6D:E6:97:F0:36:DE:28:E7:33:D5:5A:E1:33:16:8E:1D
Certificate issuer:       /CN=ab53ec0e9a053cbbe0e9a071bcad9e68a99ccfa8
Certificate serial:       01963EABD36FD33BDFEDC05A55B4666EAA9A
Authority key identifier: AB:53:EC:0E:9A:05:3C:BB:E0:E9:A0:71:BC:AD:9E:68:A9:9C:CF:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q1PsDpoFPLvg6aBxvK2eaKmcz6g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/61f398-94f6-4468-85f3-63fcaac31ca3/1/VZSRxm3ml_A23ijnM9Va4TMWjh0.roa
Signing time:             Wed 16 Apr 2025 12:56:10 +0000
ROA not before:           Wed 16 Apr 2025 12:56:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34731
IP address blocks:        80.76.16.0/20 maxlen: 20
                          80.76.16.0/21 maxlen: 21
                          80.76.24.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/61f398-94f6-4468-85f3-63fcaac31ca3/1/q1PsDpoFPLvg6aBxvK2eaKmcz6g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/61f398-94f6-4468-85f3-63fcaac31ca3/1/q1PsDpoFPLvg6aBxvK2eaKmcz6g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q1PsDpoFPLvg6aBxvK2eaKmcz6g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 00:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:3e:ab:d3:6f:d3:3b:df:ed:c0:5a:55:b4:66:6e:aa:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab53ec0e9a053cbbe0e9a071bcad9e68a99ccfa8
        Validity
            Not Before: Apr 16 12:56:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=559491c66de697f036de28e733d55ae133168e1d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:40:7e:3c:19:98:2a:a8:66:17:1a:b5:c3:7d:
                    4f:9a:03:5e:ed:71:fb:86:dc:28:cf:35:ae:61:37:
                    8b:76:f7:d1:2c:e9:07:14:38:02:e2:a3:61:de:9a:
                    a1:29:cf:cc:20:b7:90:42:ce:af:1b:98:48:96:9f:
                    57:b0:00:30:8c:ec:34:18:04:f5:b1:29:a8:33:00:
                    78:91:0a:f4:d6:20:6c:bf:fd:d2:85:7b:1c:ad:c7:
                    bf:41:6a:a1:b0:d6:cb:36:87:1d:b4:54:0d:27:2a:
                    b8:2e:82:46:de:1f:3e:1f:1a:af:19:56:c4:0f:65:
                    2f:b8:e9:d2:54:c9:b6:a7:4c:b0:40:3f:6c:76:dd:
                    c6:b0:af:1e:8f:85:ec:14:d2:a3:a8:70:35:59:bd:
                    30:94:84:9f:49:bd:36:1f:dd:cc:09:b6:dd:8b:55:
                    02:cc:23:1f:1c:af:ec:7b:90:3b:da:5e:58:82:2a:
                    fb:02:a4:93:05:0c:e6:e6:5f:ea:0a:e7:80:0e:d5:
                    d5:b7:1a:4d:e8:82:77:4f:55:ba:20:7e:68:4c:f3:
                    c9:11:36:77:d0:6e:31:b8:d0:55:8f:94:e1:b5:d6:
                    6c:56:1e:24:6d:94:22:5e:87:f2:3d:b2:e6:dc:d5:
                    c9:af:01:5e:51:fb:c2:11:67:ba:0d:0b:e0:61:b9:
                    e1:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:94:91:C6:6D:E6:97:F0:36:DE:28:E7:33:D5:5A:E1:33:16:8E:1D
            X509v3 Authority Key Identifier:
                keyid:AB:53:EC:0E:9A:05:3C:BB:E0:E9:A0:71:BC:AD:9E:68:A9:9C:CF:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q1PsDpoFPLvg6aBxvK2eaKmcz6g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/61f398-94f6-4468-85f3-63fcaac31ca3/1/VZSRxm3ml_A23ijnM9Va4TMWjh0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/61f398-94f6-4468-85f3-63fcaac31ca3/1/q1PsDpoFPLvg6aBxvK2eaKmcz6g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.76.16.0/20

    Signature Algorithm: sha256WithRSAEncryption
         0a:71:d1:2f:f6:40:0f:64:c3:88:92:6e:df:d9:5b:7d:4b:1b:
         fc:27:73:bf:dd:33:88:52:3e:3a:5f:14:8c:43:52:8a:71:36:
         a4:c0:b1:bf:d5:f3:48:92:3f:d5:1e:25:80:e0:58:7c:8d:c8:
         ae:50:1a:02:4a:86:73:f6:0a:39:c3:a3:75:bd:e2:6b:33:b5:
         a4:1a:cc:25:6c:a7:e1:56:bf:d2:fc:48:9f:95:b3:5d:f0:05:
         39:d2:81:7a:5b:a4:78:88:54:95:5f:91:dd:14:53:e6:4a:37:
         40:e5:5e:57:60:04:17:1a:b0:dc:62:58:96:6e:05:95:a4:75:
         fb:2c:54:a6:0d:f6:7c:0d:74:5e:7a:93:b6:4c:85:13:a4:1f:
         b3:c7:48:74:53:a2:53:b6:9e:93:8a:01:55:52:c5:95:06:56:
         2a:b7:dc:42:46:b0:f2:86:5a:81:71:fb:a4:15:b2:21:f8:39:
         23:ae:fe:bc:20:f5:8c:96:8d:52:6d:ea:54:ca:c7:58:a2:b0:
         ca:9e:d3:26:23:a9:43:3c:ba:69:15:93:8c:0c:0a:7f:0b:ae:
         41:25:7c:5d:64:a8:13:76:c2:0c:c1:91:80:d6:08:3c:66:80:
         80:25:dc:13:dc:d5:96:3e:02:70:99:19:ea:c0:f0:78:99:93:
         b2:cc:c3:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZY+q9Nv0zvf7cBaVbRmbqqaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiNTNlYzBlOWEwNTNjYmJlMGU5YTA3MWJjYWQ5ZTY4YTk5
Y2NmYTgwHhcNMjUwNDE2MTI1NjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTk0OTFjNjZkZTY5N2YwMzZkZTI4ZTczM2Q1NWFlMTMzMTY4ZTFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvUB+PBmYKqhmFxq1w31PmgNe7XH7
htwozzWuYTeLdvfRLOkHFDgC4qNh3pqhKc/MILeQQs6vG5hIlp9XsAAwjOw0GAT1
sSmoMwB4kQr01iBsv/3ShXscrce/QWqhsNbLNocdtFQNJyq4LoJG3h8+HxqvGVbE
D2UvuOnSVMm2p0ywQD9sdt3GsK8ej4XsFNKjqHA1Wb0wlISfSb02H93MCbbdi1UC
zCMfHK/se5A72l5Ygir7AqSTBQzm5l/qCueADtXVtxpN6IJ3T1W6IH5oTPPJETZ3
0G4xuNBVj5ThtdZsVh4kbZQiXofyPbLm3NXJrwFeUfvCEWe6DQvgYbnhmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFWUkcZt5pfwNt4o5zPVWuEzFo4dMB8GA1UdIwQY
MBaAFKtT7A6aBTy74OmgcbytnmipnM+oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTFQc0Rwb0ZQTHZnNmFCeHZLMmVhS21jejZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy82MWYzOTgtOTRmNi00NDY4LTg1ZjMt
NjNmY2FhYzMxY2EzLzEvVlpTUnhtM21sX0EyM2lqbk05VmE0VE1XamgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy82MWYzOTgtOTRmNi00NDY4LTg1ZjMtNjNmY2FhYzMxY2Ez
LzEvcTFQc0Rwb0ZQTHZnNmFCeHZLMmVhS21jejZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEUEwQMA0G
CSqGSIb3DQEBCwUAA4IBAQAKcdEv9kAPZMOIkm7f2Vt9Sxv8J3O/3TOIUj46XxSM
Q1KKcTakwLG/1fNIkj/VHiWA4Fh8jciuUBoCSoZz9go5w6N1veJrM7WkGswlbKfh
Vr/S/EiflbNd8AU50oF6W6R4iFSVX5HdFFPmSjdA5V5XYAQXGrDcYliWbgWVpHX7
LFSmDfZ8DXReepO2TIUTpB+zx0h0U6JTtp6TigFVUsWVBlYqt9xCRrDyhlqBcfuk
FbIh+Dkjrv68IPWMlo1SbepUysdYorDKntMmI6lDPLppFZOMDAp/C65BJXxdZKgT
dsIMwZGA1gg8ZoCAJdwT3NWWPgJwmRnqwPB4mZOyzMML
-----END CERTIFICATE-----